Warning: Permanently added '10.128.1.11' (ED25519) to the list of known hosts.
2026/04/18 00:37:11 parsed 1 programs
[   65.388846][ T4188] cgroup: Unknown subsys name 'net'
[   65.526465][ T4188] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   66.808865][ T4188] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   68.624084][ T4208] chnl_net:caif_netlink_parms(): no params data found
[   68.671476][ T4208] bridge0: port 1(bridge_slave_0) entered blocking state
[   68.679814][ T4208] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.687873][ T4208] device bridge_slave_0 entered promiscuous mode
[   68.698301][ T4208] bridge0: port 2(bridge_slave_1) entered blocking state
[   68.706913][ T4208] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.715866][ T4208] device bridge_slave_1 entered promiscuous mode
[   68.740328][ T4208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   68.752659][ T4208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   68.776440][ T4208] team0: Port device team_slave_0 added
[   68.785169][ T4208] team0: Port device team_slave_1 added
[   68.803709][ T4208] batman_adv: batadv0: Adding interface: batadv_slave_0
[   68.810877][ T4208] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.839522][ T4208] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   68.852957][ T4208] batman_adv: batadv0: Adding interface: batadv_slave_1
[   68.860113][ T4208] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   68.888066][ T4208] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   68.924924][ T4208] device hsr_slave_0 entered promiscuous mode
[   68.932271][ T4208] device hsr_slave_1 entered promiscuous mode
[   69.039378][ T4208] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   69.053917][ T4208] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   69.065108][ T4208] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   69.077609][ T4208] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   69.108050][ T4208] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.115471][ T4208] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.123874][ T4208] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.131682][ T4208] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.203764][ T4208] 8021q: adding VLAN 0 to HW filter on device bond0
[   69.221778][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   69.235764][  T154] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.245290][  T154] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.254878][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   69.274307][ T4208] 8021q: adding VLAN 0 to HW filter on device team0
[   69.288428][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   69.299922][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.307321][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[   69.332744][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   69.343306][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.350545][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[   69.376964][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   69.386342][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   69.395448][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   69.406161][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   69.420173][ T4208] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   69.431776][ T4208] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   69.442010][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   69.559170][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   69.567690][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   69.582542][ T4208] 8021q: adding VLAN 0 to HW filter on device batadv0
[   69.602967][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   69.612845][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   69.634708][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   69.644395][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   69.655958][ T4208] device veth0_vlan entered promiscuous mode
[   69.664520][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   69.673353][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   69.686600][ T4208] device veth1_vlan entered promiscuous mode
[   69.714440][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   69.724894][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   69.733955][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   69.743360][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   69.754244][ T4208] device veth0_macvtap entered promiscuous mode
[   69.766363][ T4208] device veth1_macvtap entered promiscuous mode
[   69.785843][ T4208] batman_adv: batadv0: Interface activated: batadv_slave_0
[   69.795199][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   69.804208][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   69.813322][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   69.822564][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   69.836420][ T4208] batman_adv: batadv0: Interface activated: batadv_slave_1
[   69.844709][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   69.854190][ T4215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   69.866634][ T4208] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   69.876245][ T4208] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   69.894386][ T4208] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   69.904464][ T4208] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   70.232029][  T404] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   71.884587][ T1431] ieee802154 phy0 wpan0: encryption failed: -22
[   71.891168][ T1431] ieee802154 phy1 wpan1: encryption failed: -22
[   72.458102][  T404] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.027551][  T404] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.088925][  T404] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   75.775634][ T4215] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.795003][ T4215] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.836935][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   75.853394][ T4215] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.864362][ T4215] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.887771][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   76.067608][  T404] device hsr_slave_0 left promiscuous mode
[   76.075866][  T404] device hsr_slave_1 left promiscuous mode
[   76.084103][  T404] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   76.092236][  T404] batman_adv: batadv0: Removing interface: batadv_slave_0
[   76.102775][  T404] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   76.110495][  T404] batman_adv: batadv0: Removing interface: batadv_slave_1
[   76.118109][  T404] device bridge_slave_1 left promiscuous mode
[   76.125103][  T404] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.138471][  T404] device bridge_slave_0 left promiscuous mode
[   76.147061][  T404] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.164835][  T404] device veth1_macvtap left promiscuous mode
[   76.171588][  T404] device veth0_macvtap left promiscuous mode
[   76.177678][  T404] device veth1_vlan left promiscuous mode
[   76.184391][  T404] device veth0_vlan left promiscuous mode
[   76.327013][  T404] team0 (unregistering): Port device team_slave_1 removed
[   76.338538][  T404] team0 (unregistering): Port device team_slave_0 removed
[   76.351072][  T404] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   76.366260][  T404] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   76.414854][  T404] bond0 (unregistering): Released all slaves
2026/04/18 00:37:25 executed programs: 0
[   78.168825][ T4351] chnl_net:caif_netlink_parms(): no params data found
[   78.268493][ T4351] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.280224][ T4351] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.289161][ T4351] device bridge_slave_0 entered promiscuous mode
[   78.299494][ T4351] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.307368][ T4351] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.319741][ T4351] device bridge_slave_1 entered promiscuous mode
[   78.348869][ T4351] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.364024][ T4351] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.391726][ T4351] team0: Port device team_slave_0 added
[   78.399994][ T4351] team0: Port device team_slave_1 added
[   78.424475][ T4351] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.431658][ T4351] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.458594][ T4351] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.472001][ T4351] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.479073][ T4351] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.506806][ T4351] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.544930][ T4351] device hsr_slave_0 entered promiscuous mode
[   78.552285][ T4351] device hsr_slave_1 entered promiscuous mode
[   79.378404][ T4351] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   79.390236][ T4351] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   79.402421][ T4351] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   79.413116][ T4351] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   79.486927][ T4351] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.503569][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   79.521281][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   79.540160][ T4351] 8021q: adding VLAN 0 to HW filter on device team0
[   79.554022][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   79.564749][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   79.576286][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.583931][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.606008][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   79.614732][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   79.627605][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   79.638968][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.646364][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.656626][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   79.677223][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   79.687272][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   79.699732][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   79.711484][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   79.721034][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   79.737521][ T4351] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   79.749406][ T4351] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   79.795466][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   79.804470][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   79.813604][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   79.824721][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   79.833953][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   79.844199][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   80.033210][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   80.043730][ T1334] Bluetooth: hci0: command 0x0409 tx timeout
[   80.053539][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   80.074095][ T4351] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.137555][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   80.148251][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   80.168210][ T4351] device veth0_vlan entered promiscuous mode
[   80.178926][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   80.188453][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   80.199556][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   80.209558][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   80.248926][ T4351] device veth1_vlan entered promiscuous mode
[   80.325592][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   80.339972][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   80.353470][ T4351] device veth0_macvtap entered promiscuous mode
[   80.390983][ T4351] device veth1_macvtap entered promiscuous mode
[   80.414725][ T4351] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.427382][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   80.437974][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   80.448448][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   80.459394][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   80.473812][ T4351] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.486700][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   80.496872][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   80.511284][ T4351] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.520127][ T4351] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.535223][ T4351] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.545031][ T4351] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.664186][ T4215] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.673534][ T4215] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.686495][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   80.713969][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.725503][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.762378][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   81.345094][ T4469] loop0: detected capacity change from 0 to 32768
[   81.388010][ T4469] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   81.410449][ T4469] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   81.450177][ T4469] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   81.481489][ T1334] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   81.488728][ T1334] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[   81.534135][ T1334] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 45ms
[   81.544178][ T1334] gfs2: fsid=syz:syz.0: jid=0: Done
[   81.552136][ T4469] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   81.673257][ T4469] gfs2: fsid=syz:syz.0: found 1 quota changes
[   81.702945][ T4351] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   81.702945][ T4351]   inode = 11 2339
[   81.702945][ T4351]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 465
[   81.761159][ T4351] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   81.790826][ T4351] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[   81.820783][ T4351] CPU: 0 PID: 4351 Comm: syz-executor Not tainted syzkaller #0
[   81.829040][ T4351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   81.839819][ T4351] Call Trace:
[   81.843453][ T4351]  <TASK>
[   81.846489][ T4351]  dump_stack_lvl+0x188/0x250
[   81.851373][ T4351]  ? show_regs_print_info+0x20/0x20
[   81.856602][ T4351]  ? load_image+0x400/0x400
[   81.861220][ T4351]  ? do_raw_spin_unlock+0x11d/0x230
[   81.866533][ T4351]  gfs2_assert_warn_i+0x18f/0x2c0
[   81.871735][ T4351]  gfs2_quota_cleanup+0x4b4/0x6a0
[   81.876778][ T4351]  gfs2_make_fs_ro+0x440/0x620
[   81.881580][ T4351]  ? __might_sleep+0xf0/0xf0
[   81.886190][ T4351]  ? gfs2_dinode_out+0xb00/0xb00
[   81.891218][ T4351]  ? _raw_spin_unlock+0x24/0x40
[   81.896067][ T4351]  ? gfs2_glock_nq+0xcb0/0x1550
[   81.900949][ T4351]  gfs2_withdraw+0x610/0x1490
[   81.905757][ T4351]  ? gfs2_lm+0x240/0x240
[   81.910027][ T4351]  ? __schedule+0x11f7/0x43c0
[   81.914919][ T4351]  ? gfs2_freeze_lock+0x52/0xc0
[   81.920575][ T4351]  ? gfs2_consist_inode_i+0xc0/0xe0
[   81.926044][ T4351]  gfs2_inode_refresh+0xb64/0xff0
[   81.931173][ T4351]  ? do_promote+0x71a/0xab0
[   81.936180][ T4351]  ? gfs2_inode_metasync+0xf0/0xf0
[   81.942060][ T4351]  ? __lock_acquire+0x7d10/0x7d10
[   81.947179][ T4351]  inode_go_lock+0x127/0x470
[   81.951985][ T4351]  do_promote+0x741/0xab0
[   81.956340][ T4351]  finish_xmote+0x4df/0xb00
[   81.961038][ T4351]  do_xmote+0x7b6/0x1120
[   81.965483][ T4351]  gfs2_glock_nq+0xc7a/0x1550
[   81.970593][ T4351]  do_sync+0x4ab/0xc40
[   81.975670][ T4351]  ? slot_put+0x1e0/0x1e0
[   81.980030][ T4351]  ? __lock_acquire+0x7d10/0x7d10
[   81.985150][ T4351]  ? do_raw_spin_lock+0x128/0x2f0
[   81.990364][ T4351]  ? do_sync+0x4a3/0xc40
[   81.994615][ T4351]  ? do_raw_spin_unlock+0x11d/0x230
[   81.999994][ T4351]  gfs2_quota_sync+0x32c/0x700
[   82.004866][ T4351]  gfs2_sync_fs+0x48/0xb0
[   82.009306][ T4351]  sync_filesystem+0xe6/0x220
[   82.014201][ T4351]  generic_shutdown_super+0x6b/0x300
[   82.019966][ T4351]  kill_block_super+0x7c/0xe0
[   82.024926][ T4351]  deactivate_locked_super+0x93/0xf0
[   82.030512][ T4351]  cleanup_mnt+0x42d/0x4e0
[   82.035027][ T4351]  ? lockdep_hardirqs_on+0x94/0x140
[   82.040244][ T4351]  task_work_run+0x125/0x1a0
[   82.044876][ T4351]  exit_to_user_mode_loop+0x10f/0x130
[   82.050461][ T4351]  exit_to_user_mode_prepare+0xee/0x180
[   82.056029][ T4351]  syscall_exit_to_user_mode+0x16/0x40
[   82.061590][ T4351]  do_syscall_64+0x58/0xa0
[   82.066104][ T4351]  ? clear_bhb_loop+0x30/0x80
[   82.070924][ T4351]  ? clear_bhb_loop+0x30/0x80
[   82.075703][ T4351]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   82.082197][ T4351] RIP: 0033:0x7f7d53f44a57
[   82.086818][ T4351] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   82.107595][ T4351] RSP: 002b:00007ffd12d0f7a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   82.116201][ T4351] RAX: 0000000000000000 RBX: 00007f7d53fd9048 RCX: 00007f7d53f44a57
[   82.121050][ T4402] Bluetooth: hci0: command 0x041b tx timeout
[   82.124383][ T4351] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd12d0f860
[   82.138836][ T4351] RBP: 00007ffd12d0f860 R08: 00007ffd12d10860 R09: 00000000ffffffff
[   82.146921][ T4351] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd12d108f0
[   82.155045][ T4351] R13: 00007f7d53fd9048 R14: 0000000000013b9d R15: 00007ffd12d10930
[   82.163266][ T4351]  </TASK>
[   82.178381][ T4351] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   82.187582][ T4351] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   82.195995][ T4351] gfs2: fsid=syz:syz.0: File system withdrawn
[   82.202780][ T4351] CPU: 0 PID: 4351 Comm: syz-executor Not tainted syzkaller #0
[   82.210537][ T4351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   82.221231][ T4351] Call Trace:
[   82.224555][ T4351]  <TASK>
[   82.227787][ T4351]  dump_stack_lvl+0x188/0x250
[   82.232510][ T4351]  ? kobject_uevent_env+0x371/0x890
[   82.237727][ T4351]  ? show_regs_print_info+0x20/0x20
[   82.243064][ T4351]  ? load_image+0x400/0x400
[   82.247591][ T4351]  ? kobject_uevent_env+0x371/0x890
[   82.252813][ T4351]  ? lockref_put_or_lock+0x6e/0xb0
[   82.258237][ T4351]  gfs2_withdraw+0x1149/0x1490
[   82.263320][ T4351]  ? gfs2_lm+0x240/0x240
[   82.268143][ T4351]  ? __schedule+0x11f7/0x43c0
[   82.272859][ T4351]  ? gfs2_consist_inode_i+0xc0/0xe0
[   82.278278][ T4351]  gfs2_inode_refresh+0xb64/0xff0
[   82.283409][ T4351]  ? do_promote+0x71a/0xab0
[   82.287963][ T4351]  ? gfs2_inode_metasync+0xf0/0xf0
[   82.293141][ T4351]  ? __lock_acquire+0x7d10/0x7d10
[   82.298286][ T4351]  inode_go_lock+0x127/0x470
[   82.303848][ T4351]  do_promote+0x741/0xab0
[   82.308233][ T4351]  finish_xmote+0x4df/0xb00
[   82.313110][ T4351]  do_xmote+0x7b6/0x1120
[   82.317553][ T4351]  gfs2_glock_nq+0xc7a/0x1550
[   82.322454][ T4351]  do_sync+0x4ab/0xc40
[   82.327012][ T4351]  ? slot_put+0x1e0/0x1e0
[   82.331532][ T4351]  ? __lock_acquire+0x7d10/0x7d10
[   82.336649][ T4351]  ? do_raw_spin_lock+0x128/0x2f0
[   82.341961][ T4351]  ? do_sync+0x4a3/0xc40
[   82.346213][ T4351]  ? do_raw_spin_unlock+0x11d/0x230
[   82.351589][ T4351]  gfs2_quota_sync+0x32c/0x700
[   82.356467][ T4351]  gfs2_sync_fs+0x48/0xb0
[   82.360895][ T4351]  sync_filesystem+0xe6/0x220
[   82.365952][ T4351]  generic_shutdown_super+0x6b/0x300
[   82.371701][ T4351]  kill_block_super+0x7c/0xe0
[   82.376729][ T4351]  deactivate_locked_super+0x93/0xf0
[   82.382403][ T4351]  cleanup_mnt+0x42d/0x4e0
[   82.386909][ T4351]  ? lockdep_hardirqs_on+0x94/0x140
[   82.392230][ T4351]  task_work_run+0x125/0x1a0
[   82.397043][ T4351]  exit_to_user_mode_loop+0x10f/0x130
[   82.402540][ T4351]  exit_to_user_mode_prepare+0xee/0x180
[   82.408101][ T4351]  syscall_exit_to_user_mode+0x16/0x40
[   82.413915][ T4351]  do_syscall_64+0x58/0xa0
[   82.418609][ T4351]  ? clear_bhb_loop+0x30/0x80
[   82.423480][ T4351]  ? clear_bhb_loop+0x30/0x80
[   82.428173][ T4351]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   82.434190][ T4351] RIP: 0033:0x7f7d53f44a57
[   82.439236][ T4351] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   82.459529][ T4351] RSP: 002b:00007ffd12d0f7a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   82.468146][ T4351] RAX: 0000000000000000 RBX: 00007f7d53fd9048 RCX: 00007f7d53f44a57
[   82.476930][ T4351] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd12d0f860
[   82.485730][ T4351] RBP: 00007ffd12d0f860 R08: 00007ffd12d10860 R09: 00000000ffffffff
[   82.493713][ T4351] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd12d108f0
[   82.501884][ T4351] R13: 00007f7d53fd9048 R14: 0000000000013b9d R15: 00007ffd12d10930
[   82.510390][ T4351]  </TASK>
[   82.531174][ T4351] ==================================================================
[   82.539844][ T4351] BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0
[   82.546624][ T4351] Read of size 8 at addr ffff888073b59090 by task syz-executor/4351
[   82.554814][ T4351] 
[   82.557150][ T4351] CPU: 0 PID: 4351 Comm: syz-executor Not tainted syzkaller #0
[   82.564751][ T4351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   82.574919][ T4351] Call Trace:
[   82.578223][ T4351]  <TASK>
[   82.581154][ T4351]  dump_stack_lvl+0x188/0x250
[   82.585838][ T4351]  ? show_regs_print_info+0x20/0x20
[   82.591045][ T4351]  ? _printk+0xda/0x130
[   82.595293][ T4351]  ? qd_unlock+0x30/0x2d0
[   82.600417][ T4351]  ? load_image+0x400/0x400
[   82.605109][ T4351]  ? _raw_spin_lock_irqsave+0xbc/0x100
[   82.610592][ T4351]  print_address_description+0x60/0x2d0
[   82.616343][ T4351]  ? qd_unlock+0x30/0x2d0
[   82.621040][ T4351]  kasan_report+0xdf/0x130
[   82.625567][ T4351]  ? qd_unlock+0x30/0x2d0
[   82.630152][ T4351]  kasan_check_range+0x235/0x290
[   82.635198][ T4351]  qd_unlock+0x30/0x2d0
[   82.639661][ T4351]  gfs2_quota_sync+0x5cf/0x700
[   82.644549][ T4351]  gfs2_sync_fs+0x48/0xb0
[   82.648902][ T4351]  sync_filesystem+0xe6/0x220
[   82.653744][ T4351]  generic_shutdown_super+0x6b/0x300
[   82.659221][ T4351]  kill_block_super+0x7c/0xe0
[   82.663991][ T4351]  deactivate_locked_super+0x93/0xf0
[   82.669704][ T4351]  cleanup_mnt+0x42d/0x4e0
[   82.674206][ T4351]  ? lockdep_hardirqs_on+0x94/0x140
[   82.680025][ T4351]  task_work_run+0x125/0x1a0
[   82.685068][ T4351]  exit_to_user_mode_loop+0x10f/0x130
[   82.690818][ T4351]  exit_to_user_mode_prepare+0xee/0x180
[   82.696686][ T4351]  syscall_exit_to_user_mode+0x16/0x40
[   82.702514][ T4351]  do_syscall_64+0x58/0xa0
[   82.707031][ T4351]  ? clear_bhb_loop+0x30/0x80
[   82.712051][ T4351]  ? clear_bhb_loop+0x30/0x80
[   82.716736][ T4351]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   82.722725][ T4351] RIP: 0033:0x7f7d53f44a57
[   82.727173][ T4351] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[   82.747222][ T4351] RSP: 002b:00007ffd12d0f7a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   82.755846][ T4351] RAX: 0000000000000000 RBX: 00007f7d53fd9048 RCX: 00007f7d53f44a57
[   82.763925][ T4351] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd12d0f860
[   82.771918][ T4351] RBP: 00007ffd12d0f860 R08: 00007ffd12d10860 R09: 00000000ffffffff
[   82.780056][ T4351] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd12d108f0
[   82.788196][ T4351] R13: 00007f7d53fd9048 R14: 0000000000013b9d R15: 00007ffd12d10930
[   82.796175][ T4351]  </TASK>
[   82.799196][ T4351] 
[   82.801553][ T4351] Allocated by task 4469:
[   82.805940][ T4351]  __kasan_slab_alloc+0x9c/0xd0
[   82.811057][ T4351]  slab_post_alloc_hook+0x4c/0x380
[   82.816167][ T4351]  kmem_cache_alloc+0x100/0x290
[   82.821366][ T4351]  qd_alloc+0x50/0x260
[   82.825632][ T4351]  gfs2_quota_init+0x74e/0xea0
[   82.830384][ T4351]  gfs2_make_fs_rw+0x414/0x580
[   82.835133][ T4351]  gfs2_fill_super+0x1837/0x1f00
[   82.840055][ T4351]  get_tree_bdev+0x3f1/0x610
[   82.844718][ T4351]  gfs2_get_tree+0x4d/0x1e0
[   82.849205][ T4351]  vfs_get_tree+0x88/0x270
[   82.853881][ T4351]  do_new_mount+0x24a/0xa40
[   82.858470][ T4351]  __se_sys_mount+0x2e3/0x3d0
[   82.863215][ T4351]  do_syscall_64+0x4c/0xa0
[   82.867617][ T4351]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   82.873558][ T4351] 
[   82.875885][ T4351] Freed by task 3542:
[   82.879880][ T4351]  kasan_set_track+0x4b/0x70
[   82.884741][ T4351]  kasan_set_free_info+0x1f/0x40
[   82.889872][ T4351]  ____kasan_slab_free+0xd5/0x110
[   82.894915][ T4351]  slab_free_freelist_hook+0xea/0x170
[   82.900553][ T4351]  kmem_cache_free+0x8f/0x210
[   82.905490][ T4351]  rcu_core+0x9d2/0x1670
[   82.909818][ T4351]  handle_softirqs+0x339/0x830
[   82.914565][ T4351]  __irq_exit_rcu+0x13b/0x230
[   82.919224][ T4351]  irq_exit_rcu+0x5/0x20
[   82.923455][ T4351]  sysvec_apic_timer_interrupt+0xa0/0xc0
[   82.929162][ T4351]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[   82.935213][ T4351] 
[   82.937523][ T4351] Last potentially related work creation:
[   82.943395][ T4351]  kasan_save_stack+0x35/0x60
[   82.948169][ T4351]  kasan_record_aux_stack+0xb8/0x100
[   82.954148][ T4351]  call_rcu+0x189/0x950
[   82.958303][ T4351]  gfs2_quota_cleanup+0x43c/0x6a0
[   82.963314][ T4351]  gfs2_make_fs_ro+0x440/0x620
[   82.968072][ T4351]  gfs2_withdraw+0x610/0x1490
[   82.972741][ T4351]  gfs2_inode_refresh+0xb64/0xff0
[   82.977757][ T4351]  inode_go_lock+0x127/0x470
[   82.982414][ T4351]  do_promote+0x741/0xab0
[   82.987392][ T4351]  finish_xmote+0x4df/0xb00
[   82.991914][ T4351]  do_xmote+0x7b6/0x1120
[   82.996189][ T4351]  gfs2_glock_nq+0xc7a/0x1550
[   83.000861][ T4351]  do_sync+0x4ab/0xc40
[   83.005152][ T4351]  gfs2_quota_sync+0x32c/0x700
[   83.010058][ T4351]  gfs2_sync_fs+0x48/0xb0
[   83.014411][ T4351]  sync_filesystem+0xe6/0x220
[   83.019088][ T4351]  generic_shutdown_super+0x6b/0x300
[   83.024484][ T4351]  kill_block_super+0x7c/0xe0
[   83.029271][ T4351]  deactivate_locked_super+0x93/0xf0
[   83.034749][ T4351]  cleanup_mnt+0x42d/0x4e0
[   83.039332][ T4351]  task_work_run+0x125/0x1a0
[   83.044111][ T4351]  exit_to_user_mode_loop+0x10f/0x130
[   83.049508][ T4351]  exit_to_user_mode_prepare+0xee/0x180
[   83.055042][ T4351]  syscall_exit_to_user_mode+0x16/0x40
[   83.060641][ T4351]  do_syscall_64+0x58/0xa0
[   83.065053][ T4351]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   83.070935][ T4351] 
[   83.073250][ T4351] The buggy address belongs to the object at ffff888073b59000
[   83.073250][ T4351]  which belongs to the cache gfs2_quotad of size 272
[   83.087296][ T4351] The buggy address is located 144 bytes inside of
[   83.087296][ T4351]  272-byte region [ffff888073b59000, ffff888073b59110)
[   83.100992][ T4351] The buggy address belongs to the page:
[   83.106632][ T4351] page:ffffea0001ced640 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x73b59
[   83.117139][ T4351] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[   83.124772][ T4351] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff88801e520780
[   83.133404][ T4351] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[   83.141970][ T4351] page dumped because: kasan: bad access detected
[   83.148574][ T4351] page_owner tracks the page as allocated
[   83.154271][ T4351] page last allocated via order 0, migratetype Reclaimable, gfp_mask 0x112c50(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4469, ts 81664700942, free_ts 79692764458
[   83.173458][ T4351]  get_page_from_freelist+0x1bbd/0x1ca0
[   83.179048][ T4351]  __alloc_pages+0x1ee/0x480
[   83.183630][ T4351]  new_slab+0xc0/0x4b0
[   83.187684][ T4351]  ___slab_alloc+0x80a/0xdd0
[   83.192521][ T4351]  kmem_cache_alloc+0x195/0x290
[   83.197892][ T4351]  qd_alloc+0x50/0x260
[   83.202042][ T4351]  gfs2_quota_init+0x74e/0xea0
[   83.206789][ T4351]  gfs2_make_fs_rw+0x414/0x580
[   83.211708][ T4351]  gfs2_fill_super+0x1837/0x1f00
[   83.216740][ T4351]  get_tree_bdev+0x3f1/0x610
[   83.221320][ T4351]  gfs2_get_tree+0x4d/0x1e0
[   83.225833][ T4351]  vfs_get_tree+0x88/0x270
[   83.230410][ T4351]  do_new_mount+0x24a/0xa40
[   83.235075][ T4351]  __se_sys_mount+0x2e3/0x3d0
[   83.240349][ T4351]  do_syscall_64+0x4c/0xa0
[   83.244753][ T4351]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[   83.250718][ T4351] page last free stack trace:
[   83.255468][ T4351]  free_unref_page_prepare+0x637/0x6c0
[   83.261098][ T4351]  free_unref_page+0x8f/0x2a0
[   83.266149][ T4351]  __unfreeze_partials+0x1a5/0x200
[   83.271546][ T4351]  put_cpu_partial+0x12d/0x190
[   83.276331][ T4351]  qlist_free_all+0x35/0x90
[   83.280922][ T4351]  kasan_quarantine_reduce+0x150/0x160
[   83.286455][ T4351]  __kasan_slab_alloc+0x2f/0xd0
[   83.291425][ T4351]  slab_post_alloc_hook+0x4c/0x380
[   83.296900][ T4351]  kmem_cache_alloc+0x100/0x290
[   83.301778][ T4351]  __anon_vma_prepare+0x66/0x410
[   83.306845][ T4351]  handle_mm_fault+0x3be0/0x4410
[   83.311842][ T4351]  do_user_addr_fault+0x489/0xc80
[   83.317062][ T4351]  exc_page_fault+0x60/0x100
[   83.321753][ T4351]  asm_exc_page_fault+0x22/0x30
[   83.326952][ T4351] 
[   83.329438][ T4351] Memory state around the buggy address:
[   83.335138][ T4351]  ffff888073b58f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.343191][ T4351]  ffff888073b59000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   83.351258][ T4351] >ffff888073b59080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   83.359310][ T4351]                          ^
[   83.363893][ T4351]  ffff888073b59100: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.371951][ T4351]  ffff888073b59180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   83.380190][ T4351] ==================================